How AWS CodeArtifact Simplifies Our Private Package Management
Discovering AWS CodeArtifact: The Solution I Didn’t Know I Needed
At Reflex Media, we have several private repositories that we use in our core products. We had been using Bitbucket for package management. While it got the job done, it came with its own set of headaches — constant permission issues, managing access for new team members, and navigating decentralized package management that felt scattered and inefficient.
Managing software dependencies and packages is a challenge that grows in complexity as your projects and codebase expand. Keeping track of various versions and dependencies between internal libraries and third party packages can turn dependency management into a tangled mess.
I started looking for a better way to streamline and simplify our workflow. That’s when I found AWS CodeArtifact — a service that promised to centralize our packages, simplify permissions, and bring order to the chaos!
This article will walk you through why AWS CodeArtifact became the perfect fit for us and how it can help you take control of your private package management.
Problems with Traditional Package Management
Traditional package management presents challenges, including
- permission issues for new developers
- difficulties in identifying the latest package versions without manually checking on them
- unnecessary access requests to multiple repositories, resulting in workflow inefficiencies.
How AWS CodeArtifact Addresses These Issues
AWS CodeArtifact simplifies
- permissions by requiring only an IAM user with the right access
- eliminates version mismatch problems by ensuring published package versions cannot be changed
- centralizes package management so users can access newly published packages without needing additional permissions.
AWS CodeArtifact: Our Package Doraemon
I would describe AWS CodeArtifact as the Doraemon for package management — the futuristic robot cat with a magical “anyhow pocket” that can store anything you need. Just ask, and boom; it’s there, no questions asked.
AWS CodeArtifact works the same way. It’s your very own centralized hub for packages and dependencies. Need a package? Simply request it, and it’s available instantly. No more permission headaches, no missing versions — just seamless, efficient access whenever you need it.
Prerequisites
Before setting up AWS CodeArtifact for private packages, make sure you have the following:
- An AWS account
- AWS CLI and npm installed in your local
- A codebase with package dependencies that you want to manage in CodeArtifact
- A
~/.aws/credentialsfile containing the appropriate AWS Credentials
Note: IAM users should minimally have the following permissions:
AWSCodeArtifactAdminAccessfor package authorsAWSCodeArtifactReadOnlyAccessfor consumers
Let’s create Our First Repository in AWS CodeArtifact
Login to your aws account and go to aws code artifact
Step1: Create a repository
Step 2: Select a domain (create a new domain if you don’t have one yet)
Step3: Review and create
How to Publish a Package to AWS CodeArtifact
First, let’s publish a package from your local environment to AWS CodeArtifact.
Assuming you have an existing codebase with a package.json ready for publishing, let's create the first major release by running:
npm version majorThis will create version v1.0.0. Next, create a pre-publish.sh script to configure the npm publish command to authenticate and publish the package to our AWS CodeArtifact repository.
#!/bin/bash
// Get the auth token for authentication
TOKEN=`aws codeartifact get-authorization-token --domain <your-domain> --domain-owner <your-accound-id> --region <your-region> --query authorizationToken --output text`
echo "registry=https://<your-domain>-<your-account-id>.d.codeartifact.<your-region>.amazonaws.com/npm/<repository-name>/
//<your-domain>-<your-account-id>.d.codeartifact.<your-region>.amazonaws.com/npm/<repository-name>/:always-auth=true
//<your-domain>-<your-account-id>.d.codeartifact.<your-region>.amazonaws.com/npm/<repository-name>/:_authToken=$TOKEN" > .npmrc
The pre-publish.sh script retrieves the auth token from AWS and updates our .npmrc to point to CodeArtifact.
Add the pre-publish.sh script to your package.json:
....
"scripts": {
"prepublishOnly": "sh ./pre-publish.sh",
},
....Now that we’ve setup everything, let’s publish it by running:
npm publishHow to Consume a Package from AWS CodeArtifact
Now, let’s consume the package you’ve published from another project:
yarn add package-nameAn unexpected error occurred: “https://registry.yarnpkg.com/package-name: Not found”.
If you encounter the above error, it’s because the yarn add command looks for your package in the npm registry, where it doesn’t exist. To resolve this, we need to add a pre-install.sh script that directs the package manager to CodeArtifact.
#!/bin/bash
// Get the auth token for authentication
TOKEN=`aws codeartifact get-authorization-token --domain <your-domain> --domain-owner <your-accound-id> --region <your-region> --query authorizationToken --output text`
echo "registry=https://<your-domain>-<your-account-id>.d.codeartifact.<your-region>.amazonaws.com/npm/<repository-name>/
//<your-domain>-<your-account-id>.d.codeartifact.<your-region>.amazonaws.com/npm/<repository-name>/:always-auth=true
//<your-domain>-<your-account-id>.d.codeartifact.<your-region>.amazonaws.com/npm/<repository-name>/:_authToken=$TOKEN" > .npmrcAdd the pre-install.sh script to your package.json:
"scripts": {
"preinstall": "sh ./pre-install.sh",Now, try installing your package again with:
yarn add package-nameIt should install successfully. However, if you remove node_modules and try to reinstall, you may encounter issues as your packages will attempt to install from CodeArtifact. To resolve this, we'll add a scope to the registry.
Add scope to registry
Let’s add a scope/namespace to your package by updating the package.json:
{
"name": "@your-org/package-name",
.....
// Here @your-org is your scope or namespaceNow, update the pre-publish.sh and pre-install.sh scripts accordingly:
#!/bin/bash
// Get the auth token for authentication
TOKEN=`aws codeartifact get-authorization-token --domain <your-domain> --domain-owner <your-accound-id> --region <your-region> --query authorizationToken --output text`
echo "@my-org:registry=https://<your-domain>-<your-account-id>.d.codeartifact.<your-region>.amazonaws.com/npm/<repository-name>/
//<your-domain>-<your-account-id>.d.codeartifact.<your-region>.amazonaws.com/npm/<repository-name>/:always-auth=true
//<your-domain>-<your-account-id>.d.codeartifact.<your-region>.amazonaws.com/npm/<repository-name>/:_authToken=$TOKEN" > .npmrcNow that we have added a scope, our packages will be retrieved from CodeArtifact, while the rest will be looked up in the npm registry.
Final Thoughts
AWS CodeArtifact makes managing private packages easier by resolving common issues with permissions, versioning, and storage. It streamlines your workflow, allowing you to concentrate on development without the hassle of access or version conflicts.
If you have insights or additional points to share, I’d love to hear them! Feel free to drop a comment, and I’ll include them in the discussion. Happy coding!
